Skip to main content

Insider attack

More
18 years 3 months ago #16923 by skyware
Insider attack was created by skyware
I am a senior in computer engineering. I have been assigned as my senior capstone to create a program to detect and prevent insider attacks. I am not very skilled in computer networking/hacking.

We have several computers with unpatched Operating systems that we are supposed to 'attack'. I have no idea what to do.

Please anyone who knows how i can attack these computers give me suggestions/how to do it.

This includes port scanning, packet gathering, spoofing. im not really sure where to go with this.


Thanks
More
18 years 3 months ago #16947 by Smurf
Replied by Smurf on topic Re: Insider attack
Struggling to post my answer, comes up with an error so something in the answer that isn't liked. Dont have time to work it out as i have to go to Milton Keynes to watch Robbie so when i return on Tuesday i will post what you need to know.

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
18 years 3 months ago #16951 by Smurf
Replied by Smurf on topic Re: Insider attack
Still not letting me post ????

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
18 years 3 months ago #16952 by Arani
Replied by Arani on topic attack
hi,
try running this security.symantec.com/sscv6/default.asp?langid=ie&venid=sym as a first line of approach.
in the mean time. read up on attack, how they are done, and how you can detect them. your objective is to find out the vulnerability of your network or computers. hence you will have to achieve a reverse learning curve to start with.
it's a pity that you have been assigned a project which you know nothing about how to handle it. in short you are not wise enough in this field. but let me tell you, according to socrates, knowing that you don't know anything is knowledge in itself. half the battle is won by acknowledging the lack of knowledge, and admitting it.
i am sure you will be able to handle this. try surfing the internet and look for articles on these issues. i am sure you will come across sites where they actually teach you how to hack or spoof or even register attacks on computers or networks

Picking pebbles on the shore of the networking ocean
More
18 years 3 months ago #16994 by Rockape
Replied by Rockape on topic Re: Insider attack

I am a senior in computer engineering. I have been assigned as my senior capstone to create a program to detect and prevent insider attacks. I am not very skilled in computer networking/hacking.

We have several computers with unpatched Operating systems that we are supposed to 'attack'. I have no idea what to do.

Please anyone who knows how i can attack these computers give me suggestions/how to do it.

This includes port scanning, packet gathering, spoofing. im not really sure where to go with this.


Thanks


Skyware, please don't take this the wrong way, but your request seems a bit strange to me!!!!

Firstly, why would you need to internally attack your own PCs? If your machine are all correctly patched, and all your users have accounts with permissions, I don't understand why you want to internally attack the PCs?

And, if you believe that people are trying to internally attack your PCs, and if you accept everything I've said above. Then the people doing the attacking have all the permissions needed to hide what they are doing, so it's unlikely that you would see anything.

However, if this is a legimate project for work or school. Then please accept my apologies if I seem a bit over the top. I would suggest that the best way to resolve this issue is mentioned above. Patch the PCs and make sure that everyone who uses the system has an account with appropriate permissions should solve your problems. Then if you have any "issues" with a PC etc you can use the internal event viewer facility to try and track any activity.

Cheers

Rockape
More
18 years 3 months ago #16997 by d_jabsd
Replied by d_jabsd on topic Re: Insider attack
Do you have to write your own software to do this, or can you use software already available? Writing your own is 'reinventing the wheel', but the following apps will give you an idea of how to do it.

Look at snort and hogwash. Snort is an intrusion detection system and hogwash is an intrusion prevention system that rides on top of snort.

it has the ability to detect an attack, then act on it, with the action being a dynamic firewall rule, an email, an snmp trap, or anything else that you can find that is supported.
Time to create page: 0.133 seconds